NEO (NEO) and the Storage Injection Vulnerability

NEO and Red4Sec Discover Vulnerability in Smart Code

As published on NEO’s official blog page yesterday, on May 19th, it was stated that with the help of an audit security company Red4Sec, NEO was able to discover that there have been some flaws
related to the smart code of certain decentralized apps on NEO network.

However, what is important to stress out in this matter, is that NEO network is not affected and has not been altered by the flaw in the smart code. That being said, it was noted that only
certain decentralized applications on NEO network were found to be “infected” by this flaw, where the vulnerability was discovered to be related to some NEP-5 tokens.

That means that although the general security of the network is jeopardized, the discovered flaw could still allow hackers to make changes to the storage of the affected contract codes.
Resource: Read more
here.